]>
Commit | Line | Data |
---|---|---|
fa253735 | 1 | package PVE::Network::SDN::Controllers::EvpnPlugin; |
32602a38 AD |
2 | |
3 | use strict; | |
4 | use warnings; | |
cdf2c819 | 5 | |
074d270b AD |
6 | use PVE::INotify; |
7 | use PVE::JSONSchema qw(get_standard_option); | |
cdf2c819 TL |
8 | use PVE::Tools qw(run_command file_set_contents file_get_contents); |
9 | ||
10 | use PVE::Network::SDN::Controllers::Plugin; | |
1f543c5f | 11 | use PVE::Network::SDN::Zones::Plugin; |
f23633dc | 12 | use Net::IP; |
cdf2c819 | 13 | |
f5eabba0 | 14 | use base('PVE::Network::SDN::Controllers::Plugin'); |
32602a38 AD |
15 | |
16 | sub type { | |
fa253735 | 17 | return 'evpn'; |
8fb1ee7f AD |
18 | } |
19 | ||
32602a38 AD |
20 | sub properties { |
21 | return { | |
92526f0e TL |
22 | asn => { |
23 | type => 'integer', | |
24 | description => "autonomous system number", | |
25 | }, | |
26 | peers => { | |
27 | description => "peers address list.", | |
28 | type => 'string', format => 'ip-list' | |
29 | }, | |
32602a38 AD |
30 | }; |
31 | } | |
32 | ||
33 | sub options { | |
32602a38 | 34 | return { |
92526f0e TL |
35 | 'asn' => { optional => 0 }, |
36 | 'peers' => { optional => 0 }, | |
32602a38 AD |
37 | }; |
38 | } | |
39 | ||
40 | # Plugin implementation | |
8fb1ee7f | 41 | sub generate_controller_config { |
f23633dc | 42 | my ($class, $plugin_config, $controller_cfg, $id, $uplinks, $config) = @_; |
32602a38 | 43 | |
3caa7687 FG |
44 | my @peers; |
45 | @peers = PVE::Tools::split_list($plugin_config->{'peers'}) if $plugin_config->{'peers'}; | |
32602a38 | 46 | |
f23633dc AD |
47 | my $local_node = PVE::INotify::nodename(); |
48 | ||
074d270b | 49 | my $asn = $plugin_config->{asn}; |
f23633dc AD |
50 | my $ebgp = undef; |
51 | my $loopback = undef; | |
52 | my $autortas = undef; | |
53 | my $bgprouter = find_bgp_controller($local_node, $controller_cfg); | |
54 | if($bgprouter) { | |
55 | $ebgp = 1 if $plugin_config->{'asn'} ne $bgprouter->{asn}; | |
56 | $loopback = $bgprouter->{loopback} if $bgprouter->{loopback}; | |
57 | $asn = $bgprouter->{asn} if $bgprouter->{asn}; | |
58 | $autortas = $plugin_config->{'asn'} if $ebgp; | |
59 | } | |
074d270b AD |
60 | |
61 | return if !$asn; | |
32602a38 | 62 | |
92526f0e TL |
63 | my $bgp = $config->{frr}->{router}->{"bgp $asn"} //= {}; |
64 | ||
f23633dc | 65 | my ($ifaceip, $interface) = PVE::Network::SDN::Zones::Plugin::find_local_ip_interface_peers(\@peers, $loopback); |
32602a38 | 66 | |
f23633dc | 67 | my $remoteas = $ebgp ? "external" : $asn; |
17854295 | 68 | |
f23633dc | 69 | #global options |
92526f0e TL |
70 | my @controller_config = ( |
71 | "bgp router-id $ifaceip", | |
72 | "no bgp default ipv4-unicast", | |
73 | "coalesce-time 1000", | |
74 | ); | |
32602a38 | 75 | |
f23633dc AD |
76 | push(@{$bgp->{""}}, @controller_config) if keys %{$bgp} == 0; |
77 | ||
78 | @controller_config = (); | |
79 | ||
80 | #VTEP neighbors | |
81 | push @controller_config, "neighbor VTEP peer-group"; | |
82 | push @controller_config, "neighbor VTEP remote-as $remoteas"; | |
83 | push @controller_config, "neighbor VTEP bfd"; | |
84 | ||
85 | if($ebgp && $loopback) { | |
86 | push @controller_config, "neighbor VTEP ebgp-multihop 10"; | |
87 | push @controller_config, "neighbor VTEP update-source $loopback"; | |
88 | } | |
89 | ||
90 | # VTEP peers | |
32602a38 AD |
91 | foreach my $address (@peers) { |
92 | next if $address eq $ifaceip; | |
f23633dc | 93 | push @controller_config, "neighbor $address peer-group VTEP"; |
7d35eaf5 | 94 | } |
074d270b | 95 | |
92526f0e | 96 | push(@{$bgp->{""}}, @controller_config); |
074d270b | 97 | |
f23633dc | 98 | # address-family l2vpn |
56cdcac9 | 99 | @controller_config = (); |
f23633dc | 100 | push @controller_config, "neighbor VTEP activate"; |
56cdcac9 | 101 | push @controller_config, "advertise-all-vni"; |
f23633dc | 102 | push @controller_config, "autort as $autortas" if $autortas; |
92526f0e | 103 | push(@{$bgp->{"address-family"}->{"l2vpn evpn"}}, @controller_config); |
32602a38 AD |
104 | |
105 | return $config; | |
106 | } | |
107 | ||
56cdcac9 | 108 | sub generate_controller_zone_config { |
f23633dc AD |
109 | my ($class, $plugin_config, $controller, $controller_cfg, $id, $uplinks, $config) = @_; |
110 | ||
111 | my $local_node = PVE::INotify::nodename(); | |
0589eb09 | 112 | |
1de0abc0 | 113 | my $vrf = "vrf_$id"; |
0589eb09 | 114 | my $vrfvxlan = $plugin_config->{'vrf-vxlan'}; |
f23633dc | 115 | my $exitnodes = $plugin_config->{'exitnodes'}; |
92d8effb | 116 | my $advertisesubnets = $plugin_config->{'advertise-subnets'}; |
3d135423 | 117 | my $exitnodes_local_routing = $plugin_config->{'exitnodes-local-routing'}; |
f23633dc | 118 | |
56cdcac9 | 119 | my $asn = $controller->{asn}; |
f23633dc AD |
120 | my $ebgp = undef; |
121 | my $loopback = undef; | |
122 | my $autortas = undef; | |
123 | my $bgprouter = find_bgp_controller($local_node, $controller_cfg); | |
124 | if($bgprouter) { | |
125 | $ebgp = 1 if $controller->{'asn'} ne $bgprouter->{asn}; | |
126 | $loopback = $bgprouter->{loopback} if $bgprouter->{loopback}; | |
127 | $asn = $bgprouter->{asn} if $bgprouter->{asn}; | |
128 | $autortas = $controller->{'asn'} if $ebgp; | |
129 | } | |
0589eb09 AD |
130 | |
131 | return if !$vrf || !$vrfvxlan || !$asn; | |
132 | ||
92526f0e | 133 | # vrf |
56cdcac9 AD |
134 | my @controller_config = (); |
135 | push @controller_config, "vni $vrfvxlan"; | |
136 | push(@{$config->{frr}->{vrf}->{"$vrf"}}, @controller_config); | |
0589eb09 | 137 | |
f23633dc AD |
138 | #main vrf router |
139 | @controller_config = (); | |
140 | push @controller_config, "no bgp ebgp-requires-policy" if $ebgp; | |
141 | # push @controller_config, "!"; | |
142 | push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{""}}, @controller_config); | |
659c27c2 | 143 | |
f23633dc AD |
144 | if ($autortas) { |
145 | push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, "route-target import $autortas:$vrfvxlan"); | |
146 | push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, "route-target export $autortas:$vrfvxlan"); | |
147 | } | |
0589eb09 | 148 | |
b634e577 AD |
149 | my $is_gateway = $exitnodes->{$local_node}; |
150 | ||
0589eb09 AD |
151 | if ($is_gateway) { |
152 | ||
3d135423 AD |
153 | if (!$exitnodes_local_routing) { |
154 | @controller_config = (); | |
155 | #import /32 routes of evpn network from vrf1 to default vrf (for packet return) | |
156 | push @controller_config, "import vrf $vrf"; | |
157 | push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config); | |
158 | push(@{$config->{frr}->{router}->{"bgp $asn"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config); | |
0589eb09 | 159 | |
3d135423 AD |
160 | @controller_config = (); |
161 | #redistribute connected to be able to route to local vms on the gateway | |
162 | push @controller_config, "redistribute connected"; | |
163 | push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config); | |
164 | push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config); | |
165 | } | |
0589eb09 | 166 | |
56cdcac9 | 167 | @controller_config = (); |
0589eb09 | 168 | #add default originate to announce 0.0.0.0/0 type5 route in evpn |
56cdcac9 AD |
169 | push @controller_config, "default-originate ipv4"; |
170 | push @controller_config, "default-originate ipv6"; | |
171 | push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @controller_config); | |
92d8effb AD |
172 | } elsif ($advertisesubnets) { |
173 | ||
174 | @controller_config = (); | |
175 | #redistribute connected networks | |
176 | push @controller_config, "redistribute connected"; | |
177 | push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv4 unicast"}}, @controller_config); | |
178 | push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"ipv6 unicast"}}, @controller_config); | |
179 | ||
180 | @controller_config = (); | |
181 | #advertise connected networks type5 route in evpn | |
182 | push @controller_config, "advertise ipv4 unicast"; | |
183 | push @controller_config, "advertise ipv6 unicast"; | |
184 | push(@{$config->{frr}->{router}->{"bgp $asn vrf $vrf"}->{"address-family"}->{"l2vpn evpn"}}, @controller_config); | |
0589eb09 AD |
185 | } |
186 | ||
187 | return $config; | |
188 | } | |
189 | ||
3d135423 AD |
190 | sub generate_controller_vnet_config { |
191 | my ($class, $plugin_config, $controller, $zone, $zoneid, $vnetid, $config) = @_; | |
192 | ||
193 | my $exitnodes = $zone->{'exitnodes'}; | |
194 | my $exitnodes_local_routing = $zone->{'exitnodes-local-routing'}; | |
195 | ||
196 | return if !$exitnodes_local_routing; | |
197 | ||
198 | my $local_node = PVE::INotify::nodename(); | |
199 | my $is_gateway = $exitnodes->{$local_node}; | |
200 | ||
201 | return if !$is_gateway; | |
202 | ||
203 | my $subnets = PVE::Network::SDN::Vnets::get_subnets($vnetid, 1); | |
204 | my @controller_config = (); | |
205 | foreach my $subnetid (sort keys %{$subnets}) { | |
206 | my $subnet = $subnets->{$subnetid}; | |
207 | my $cidr = $subnet->{cidr}; | |
208 | push @controller_config, "ip route $cidr 10.255.255.2 xvrf_$zoneid"; | |
209 | } | |
210 | push(@{$config->{frr}->{''}}, @controller_config); | |
211 | } | |
212 | ||
32602a38 | 213 | sub on_delete_hook { |
56cdcac9 | 214 | my ($class, $controllerid, $zone_cfg) = @_; |
32602a38 | 215 | |
56cdcac9 AD |
216 | # verify that zone is associated to this controller |
217 | foreach my $id (keys %{$zone_cfg->{ids}}) { | |
92526f0e TL |
218 | my $zone = $zone_cfg->{ids}->{$id}; |
219 | die "controller $controllerid is used by $id" | |
220 | if (defined($zone->{controller}) && $zone->{controller} eq $controllerid); | |
5bda8607 | 221 | } |
32602a38 AD |
222 | } |
223 | ||
224 | sub on_update_hook { | |
56cdcac9 | 225 | my ($class, $controllerid, $controller_cfg) = @_; |
5bda8607 | 226 | |
c7bb4ac5 AD |
227 | # we can only have 1 evpn controller / 1 asn by server |
228 | ||
f23633dc | 229 | my $controllernb = 0; |
56cdcac9 AD |
230 | foreach my $id (keys %{$controller_cfg->{ids}}) { |
231 | next if $id eq $controllerid; | |
92526f0e | 232 | my $controller = $controller_cfg->{ids}->{$id}; |
f23633dc AD |
233 | next if $controller->{type} ne "evpn"; |
234 | $controllernb++; | |
235 | die "only 1 global evpn controller can be defined" if $controllernb > 1; | |
236 | } | |
237 | } | |
238 | ||
239 | sub find_bgp_controller { | |
240 | my ($nodename, $controller_cfg) = @_; | |
241 | ||
242 | my $controller = undef; | |
243 | foreach my $id (keys %{$controller_cfg->{ids}}) { | |
244 | $controller = $controller_cfg->{ids}->{$id}; | |
245 | next if $controller->{type} ne 'bgp'; | |
246 | next if $controller->{node} ne $nodename; | |
247 | last; | |
5bda8607 | 248 | } |
f23633dc AD |
249 | |
250 | return $controller; | |
32602a38 AD |
251 | } |
252 | ||
f23633dc | 253 | |
8fb1ee7f AD |
254 | sub sort_frr_config { |
255 | my $order = {}; | |
256 | $order->{''} = 0; | |
257 | $order->{'vrf'} = 1; | |
258 | $order->{'ipv4 unicast'} = 1; | |
259 | $order->{'ipv6 unicast'} = 2; | |
260 | $order->{'l2vpn evpn'} = 3; | |
bbf4e4b1 | 261 | $order->{'route-map'} = 200; |
8fb1ee7f AD |
262 | |
263 | my $a_val = 100; | |
264 | my $b_val = 100; | |
265 | ||
266 | $a_val = $order->{$a} if defined($order->{$a}); | |
267 | $b_val = $order->{$b} if defined($order->{$b}); | |
268 | ||
92526f0e | 269 | if ($a =~ /bgp (\d+)$/) { |
8fb1ee7f AD |
270 | $a_val = 2; |
271 | } | |
272 | ||
92526f0e | 273 | if ($b =~ /bgp (\d+)$/) { |
8fb1ee7f AD |
274 | $b_val = 2; |
275 | } | |
276 | ||
277 | return $a_val <=> $b_val; | |
278 | } | |
279 | ||
280 | sub generate_frr_recurse{ | |
281 | my ($final_config, $content, $parentkey, $level) = @_; | |
282 | ||
283 | my $keylist = {}; | |
284 | $keylist->{vrf} = 1; | |
285 | $keylist->{'address-family'} = 1; | |
286 | $keylist->{router} = 1; | |
bbf4e4b1 | 287 | $keylist->{'route-map'} = 1; |
8fb1ee7f AD |
288 | |
289 | my $exitkeylist = {}; | |
290 | $exitkeylist->{vrf} = 1; | |
291 | $exitkeylist->{'address-family'} = 1; | |
292 | ||
92526f0e | 293 | # FIXME: make this generic |
8fb1ee7f | 294 | my $paddinglevel = undef; |
92526f0e TL |
295 | if ($level == 1 || $level == 2) { |
296 | $paddinglevel = $level - 1; | |
8fb1ee7f | 297 | } elsif ($level == 3 || $level == 4) { |
92526f0e | 298 | $paddinglevel = $level - 2; |
8fb1ee7f AD |
299 | } |
300 | ||
301 | my $padding = ""; | |
302 | $padding = ' ' x ($paddinglevel) if $paddinglevel; | |
303 | ||
92526f0e | 304 | if (ref $content eq 'HASH') { |
8fb1ee7f AD |
305 | foreach my $key (sort sort_frr_config keys %$content) { |
306 | if ($parentkey && defined($keylist->{$parentkey})) { | |
92526f0e TL |
307 | push @{$final_config}, $padding."!"; |
308 | push @{$final_config}, $padding."$parentkey $key"; | |
309 | } elsif ($key ne '' && !defined($keylist->{$key})) { | |
310 | push @{$final_config}, $padding."$key"; | |
8fb1ee7f AD |
311 | } |
312 | ||
313 | my $option = $content->{$key}; | |
314 | generate_frr_recurse($final_config, $option, $key, $level+1); | |
315 | ||
316 | push @{$final_config}, $padding."exit-$parentkey" if $parentkey && defined($exitkeylist->{$parentkey}); | |
317 | } | |
318 | } | |
32602a38 | 319 | |
8fb1ee7f | 320 | if (ref $content eq 'ARRAY') { |
92526f0e | 321 | push @{$final_config}, map { $padding . "$_" } @$content; |
8fb1ee7f AD |
322 | } |
323 | } | |
324 | ||
9cef13e9 | 325 | sub generate_controller_rawconfig { |
8fb1ee7f AD |
326 | my ($class, $plugin_config, $config) = @_; |
327 | ||
659c27c2 AD |
328 | my $nodename = PVE::INotify::nodename(); |
329 | ||
8fb1ee7f AD |
330 | my $final_config = []; |
331 | push @{$final_config}, "log syslog informational"; | |
659c27c2 AD |
332 | push @{$final_config}, "ip forwarding"; |
333 | push @{$final_config}, "ipv6 forwarding"; | |
67a0f815 | 334 | push @{$final_config}, "frr defaults datacenter"; |
659c27c2 AD |
335 | push @{$final_config}, "service integrated-vtysh-config"; |
336 | push @{$final_config}, "hostname $nodename"; | |
8fb1ee7f AD |
337 | push @{$final_config}, "!"; |
338 | ||
0d1ab7dc | 339 | if (-e "/etc/frr/frr.conf.local") { |
0d1ab7dc AD |
340 | generate_frr_recurse($final_config, $config->{frr}->{vrf}, "vrf", 1); |
341 | push @{$final_config}, "!"; | |
342 | ||
cdf2c819 TL |
343 | my $local_conf = file_get_contents("/etc/frr/frr.conf.local"); |
344 | chomp ($local_conf); | |
345 | push @{$final_config}, $local_conf; | |
0d1ab7dc AD |
346 | } else { |
347 | generate_frr_recurse($final_config, $config->{frr}, undef, 0); | |
348 | } | |
8fb1ee7f AD |
349 | |
350 | push @{$final_config}, "!"; | |
351 | push @{$final_config}, "line vty"; | |
352 | push @{$final_config}, "!"; | |
353 | ||
354 | my $rawconfig = join("\n", @{$final_config}); | |
355 | ||
9cef13e9 AD |
356 | return if !$rawconfig; |
357 | return $rawconfig; | |
358 | } | |
359 | ||
360 | sub write_controller_config { | |
361 | my ($class, $plugin_config, $config) = @_; | |
362 | ||
363 | my $rawconfig = $class->generate_controller_rawconfig($plugin_config, $config); | |
8fb1ee7f AD |
364 | return if !$rawconfig; |
365 | return if !-d "/etc/frr"; | |
366 | ||
cdf2c819 | 367 | file_set_contents("/etc/frr/frr.conf", $rawconfig); |
8fb1ee7f AD |
368 | } |
369 | ||
fa609bdd AD |
370 | sub reload_controller { |
371 | my ($class) = @_; | |
372 | ||
373 | my $conf_file = "/etc/frr/frr.conf"; | |
659c27c2 AD |
374 | my $bin_path = "/usr/lib/frr/frr-reload.py"; |
375 | ||
376 | if (!-e $bin_path) { | |
377 | warn "missing $bin_path. Please install frr-pythontools package"; | |
378 | return; | |
379 | } | |
fa609bdd AD |
380 | |
381 | my $err = sub { | |
382 | my $line = shift; | |
659c27c2 AD |
383 | if ($line =~ /ERROR:/) { |
384 | warn "$line \n"; | |
fa609bdd AD |
385 | } |
386 | }; | |
387 | ||
388 | if (-e $conf_file && -e $bin_path) { | |
cdf2c819 | 389 | run_command([$bin_path, '--stdout', '--reload', $conf_file], outfunc => {}, errfunc => $err); |
fa609bdd AD |
390 | } |
391 | } | |
392 | ||
8fb1ee7f | 393 | 1; |
32602a38 | 394 | |
0589eb09 | 395 |